The ISA server is servicing public devices, providing web proxy service
and running some third party content filtering software on port 8080 of
the browser's configuration. Staff devices' browsers are not configured
to use web proxy server, but communicate on port 80 to the Internet.

Everything was working during testing at both local and remote sites.
However, when I set this up for production, after a few minutes of
operation, the 7206 started to reset itself over and over. It wasn't an
entire reboot, but looked like it was resetting all interfaces.
(However, I would note that none of the counters for any of the
interfaces showed a rise in interface resets...)

A sh logging command only displays the messages for the interfaces'
states going down/up.

Disconnected the ISA server from F1/1 and the router behaves as
expected.

Has anyone every seen anything like this, or can tell me why this
configuration would cause this to occur?
TIA

Popular White Paper On This Topic

Rick,
What you have done it appears looking at your layout is you have
created a loop. The loop exists when you connected the ISA server on NIC2.
The 7206 then is in a constant learning process of building ARP tables and
Routing tables. If you look at your drawing you can go to 172.16.1.2 via
either Fa1/0 or FA1/1. That link between your firewall of 172.16.1.1 to
172.16.1.2 is the problem. Technically anything on either of those 7206
interfaces is accessible from the other interface.

When you disconnected the ISA server you broke the loop. Try just
disconnecting NIC2 on the ISA and see if this stops the flapping of the
interfaces.

The diagram that I laid out was wrong in that regard, having one extra
"link line" in it. Sorry. The firewall has 3 ports, External, Trusted
and Optional. That part of the diagram should look like this:

The firewall is set up with NATting and routing rules that should
prevent the Trusted and Optional traffic from comingling. The 7206 then
has the rest of the set as outlined below. A DS3 ciruit, connecting
remote T1 lines from branches and F0/0 connecting to the switch here in
the main building. I would note that F0/0 is configured for VLANS,
using subinterfaces F0/0.1 and F0/0.2.

I really don't want to run all our traffic through the ISA server, but I
may have to if I can't figure out why this configuration caused all the
Cisco interfaces to reset. It seems unlikely that a Cisco router can't
handle traffic on more than 2 Ethernet ports.